New Security Features of SAP NetWeaver 7.40

With the General Availability of the new SAP NetWeaver 7.40 Release (see SAP SCN), some interesting security features are delivered:


1)  To fulfill industry-specific or legal requirements, it might be required to control access to business critical and sensitive data. The new Read Access Logging framework of SAP NetWeaver 7.40 enables compliant logging of data access. Depending on the needs, you can monitor only the access to these data but also which data have been accessed by whom. Currently it is possible to monitor RFC client and server side access, webservice access and web dynpro access. Further access monitoring is planned as well as a downport to SAP NetWeaver release 7.31. More information can be found here.


2)   NetWeaver 7.40 now supports Single Sign-On via OAuth 2.0 to access OData webservices without providing user/password combination each time. This is especially helpful for accessing 3rd party cloud applications. Technical details on OAuth 2.0 and the configuration for NetWeaver 7.40 can be found here.




3)  Another enhancement has been made in securing the NetWeaver 7.40 application server ABAP using ‘security policies’. It is now possible to define user specific password and logon criteria by combining these security policy attributes in specific security policies, e.g. to be able to use stricter rules for system admins then for end users. Details on security policies and how to set up policies and assign them to the user master record can be found here.


NW7.3 (1) and NW 7.4:

The Java codelines of NetWeaver 7.31 (which was an enhancement package to NetWeaver 7.30) and NetWeaver 7.4 are identical from a feature perspective. The biggest difference is on the ABAP side where the access to SAP HANA has been greatly optimized including the overall NetWeaver support of the Business  Suite on SAP HANA intiative. SAP NetWeaver 7.4 is our new go-to release for SAP NetWeaver customers but the concrete feature difference to previous NetWeaver versions varies with the concrete setup of your solution landscape.

Please consider SAP note 1843183 (available on Service Marketplace) which documents the staggered delivery of 7.4 and possible upgrade paths to 7.4 from previous NetWeaver releases in detail. 


No comments:

Post a Comment